MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64bb5465dcb0bb66c0dc046bbbccafeeb60f034fe4b8cbb835856499481a9274. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 64bb5465dcb0bb66c0dc046bbbccafeeb60f034fe4b8cbb835856499481a9274
SHA3-384 hash: 5ce5c45ef9b80e5cc57148e31da79f00df4583da2be5ba3d5e1c4575dca1bb54748d10e0742f3e3fd9a445c4eb80f701
SHA1 hash: 5f9297fd188ceb6755d7b7a68535eb7c41b6dbf1
MD5 hash: d4be51fb1a284d5413b9b60423be3a86
humanhash: hotel-finch-ten-wolfram
File name:672d027afb45028f8d6530c5a5c4b46d780670cf59d17e5a6b37a5f0c55f3c6d.bin.sample.gz
Download: download sample
File size:988'751 bytes
First seen:2025-12-31 06:43:03 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 24576:zxDfoih9CbQUMYLSjnUg9jvwl/lAyOKjc66qwLJ4nZDmHVD:zxDfJ9cLLLSQg9jvwFlBc6+LJ4ZG
TLSH T1EA2533B053871821243624227643A4E7C3B9BF64FA52F96B60D1677EF9BC197A50B0CF
Magika gzip
Reporter KodaDr
Tags:gz trojan


Avatar
KodaDr
Detects loading of "Amsi.dll" by a living of the land process. This could be an indication of a "PowerShell without PowerShell" attack

Intelligence

File Origin
# of uploads :
1
# of downloads :
26
Origin country :
AL AL
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:64bb5465dcb0bb66c0dc046bbbccafeeb60f034fe4b8cbb835856499481a9274~
File size:2'081'792 bytes
SHA256 hash: 672d027afb45028f8d6530c5a5c4b46d780670cf59d17e5a6b37a5f0c55f3c6d
MD5 hash: a2c24fde8dff202096e450dbddaec48f
MIME type:application/x-dosexec
Vendor Threat Intelligence
No detections
Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6954c606e148d42004de1127
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug base64 crypto krypt mingw packed
Link:
https://www.filescan.io/uploads/6954c60365e07687fdf319bc/reports/346a18dc-faf0-4fd2-a627-fd81a8a2d1e7/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/64bb5465dcb0bb66c0dc046bbbccafeeb60f034fe4b8cbb835856499481a9274
Result
Gathering data
Verdict:
Malicious
File Type:
gz
Link:
https://opentip.kaspersky.com/64bb5465dcb0bb66c0dc046bbbccafeeb60f034fe4b8cbb835856499481a9274/results?tab=lookup
Score:
74%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/64bb5465dcb0bb66c0dc046bbbccafeeb60f034fe4b8cbb835856499481a9274
Verdict:
inconclusive
YARA:
1 match(es)
Tags:
Executable GZip Archive PE (Portable Executable) PE File Layout
Link:
https://app.malva.re/file/d4be51fb1a284d5413b9b60423be3a86
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/64bb5465dcb0bb66c0dc046bbbccafeeb60f034fe4b8cbb835856499481a9274/
Verdict:
Malicious
Threat:
Trojan.Win64
Link:
https://tip.neiki.dev/file/64bb5465dcb0bb66c0dc046bbbccafeeb60f034fe4b8cbb835856499481a9274
Threat name:
Win64.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-12-31 06:43:18 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
7 of 36 (19.44%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ms5vizo4wc5wnqg4arv3xtfp523a6a2p4s4mxobvqvsjssa2sj2a._file
Gathering data
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments